« Security Advisories » blog posts
Have you found a security issue in Symfony? Send the details to security [at] symfony.com and don't disclose it publicly until we can provide a fix for it.
CVE-2022-24894: Prevent storing cookie headers in HttpCache
CVE-2022-24894: Prevent storing cookie headers in HttpCache.
February 1, 2023 · Published in #Security Advisories
CVE-2022-24895: CSRF token fixation
CVE-2022-24895: CSRF token fixation.
February 1, 2023 · Published in #Security Advisories
CVE-2022-23601: CSRF token missing in forms
CVE-2022-23601 fixes CSRF token missing in forms.
January 29, 2022 · Published in #Security Advisories
CVE-2021-41268: Remember me cookie persistence after password changes
CVE-2021-41268: Remember me cookie persistence after password changes
November 24, 2021 · Published in #Security Advisories
CVE-2021-41267: Webcache Poisoning via X-Forwarded-Prefix and sub-request
CVE-2021-41267: Webcache Poisoning via X-Forwarded-Prefix and sub-request
November 24, 2021 · Published in #Security Advisories
CVE-2021-41270: Prevent CSV Injection via formulas
CVE-2021-41270: Prevent CSV Injection via formulas
November 24, 2021 · Published in #Security Advisories
CVE-2021-32693: Authentication granted to all firewalls instead of just one
CVE-2021-32693: Authentication granted to all firewalls instead of just one
June 17, 2021 · Published in #Security Advisories
CVE-2021-21424: Prevent user enumeration in authentication mechanisms
CVE-2021-21424 prevents user enumeration in authentication mechanisms
May 12, 2021 · Published in #Security Advisories
CVE-2020-15094: Prevent RCE when calling untrusted remote with CachingHttpClient
CVE-2020-15094 fixes an issue to prevent RCE when calling untrusted remote with CachingHttpClient
September 2, 2020 · Published in #Security Advisories
CVE-2020-5275: All "access_control" rules are required when a firewall uses the unanimous strategy
CVE-2020-5275 fixes an issue that prevented all rules set in "access_control" from being checked when a firewall is configured with the unanimous strategy
March 30, 2020 · Published in #Security Advisories